
Anonymous FTP in Linux.

 


FTP server with the following features:

1. It must be integrated with the AD server (i.e. the Exchange server).
2. Anonymous users can access the server.
3. Anonymous users can only upload files and cannot view any files
or folders other than the /incoming directory.
4. AD account users can see all of the content, i.e. /incoming
and /outgoing.

Below are the /etc/vsftpd/vsftpd.conf settings
===============================================

[root@Anonymoustest ~]# cat /etc/vsftpd/vsftpd.conf
# Anonymous FTP is enabled and anonymous clients may upload. vsftpd honours
# anon_upload_enable only when write_enable=YES (set below) and the ftp user
# has write permission on the target directory.
# NOTE(review): anon_root is not set, so the anonymous session root is
# presumably the ftp account's home directory; the ownership and mode of
# /incoming are not shown on this page - confirm it is writable but not
# listable by the ftp user if uploads must stay invisible to other visitors.
anonymous_enable=YES
anon_upload_enable=YES
# Local accounts may log in; per the rest of this page that is meant to include
# the AD users resolved through PAM/SSSD.
# NOTE(review): no ssl_enable or other TLS option appears in this file, so as
# shown AD passwords and file contents cross the network in cleartext.
local_enable=YES
# Global switch for every FTP command that changes the filesystem.
write_enable=YES
# Files created by local users get mode 0644 (assuming the default
# file_open_mode of 0666).
local_umask=022
dirmessage_enable=YES
# Transfer logging: keep this on so anonymous uploads can be audited.
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
# With chroot_local_user=NO and chroot_list_enable=YES, chroot_list_file names
# the local users who ARE jailed to their login directory; any local user not
# listed can leave local_root and browse whatever file permissions allow.
# NOTE(review): the chroot_list shown on this page contains only "ftp", so AD
# users are not jailed - confirm that is intended.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# Standalone daemon mode (not started from inetd/xinetd).
listen=YES
# Directory vsftpd changes into after a local (non-anonymous) login.
local_root=/outgoing
pam_service_name=vsftpd
# userlist_deny is not set; with its default of YES the accounts named in
# userlist_file are refused before a password is requested.
userlist_enable=YES
# Access control through hosts.allow / hosts.deny.
tcp_wrappers=YES
# Per-user override files are read from this directory; their contents are
# not shown on this page.
user_config_dir=/etc/vsftpd/users
# NOTE(review): chown_upload_mode applies to anonymous uploads that vsftpd
# chown()s; chown_uploads is not set in this file, so this line presumably
# has no effect - confirm.
chown_upload_mode=0664
# Assuming the default file_open_mode of 0666, anonymous uploads are created
# as 0664, i.e. world-readable (vsftpd's default anon_umask of 077 gives 0600).
# NOTE(review): a world-readable upload can be downloaded again by another
# anonymous user who knows or can list its path, which works against the
# upload-only requirement - verify against the /incoming permissions.
anon_umask=002

Before applying these settings, make sure the server is integrated with the AD servers
and that AD users are able to log in to the server with their credentials.

command to join the server with AD server is below:
======================================================
#net ads join -U adm-username -S <AD-server-name>

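To remove the server from the domain:

#net ads leave -U adm-username or #kdestroy
(kdestroy only discards the cached Kerberos tickets on this host; the machine account itself is removed by net ads leave.)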

Below are the settings from the related files
=====================================================
[root@Anonymoustest ~]# cat /etc/sssd/sssd.conf
# SSSD configuration for resolving and authenticating AD users.
# SSSD requires this file to be owned by root with mode 0600.
# NOTE(review): "domains" below names novelis.biz, but the only domain sections
# shown are [domain/default] and [domain/example.biz/com]; this looks like
# partial sanitisation - the section name must match the entry in "domains".
[domain/default]
# Stores credential hashes locally so users can authenticate while the AD
# servers are unreachable.
cache_credentials = True
# debug_level = 9 (set in every section) is very verbose trace logging.
# NOTE(review): presumably left over from troubleshooting - lower it for
# production and keep the SSSD log directory readable by root only.
debug_level = 9

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
# Only the NSS and PAM responders are started.
services = nss, pam
domains = novelis.biz
debug_level = 9

[nss]
# Never resolve root through SSSD, so a directory entry named root cannot
# stand in for the local root account or group.
filter_groups = root
filter_users = root

reconnection_retries = 3
debug_level = 9
[pam]
reconnection_retries = 3
debug_level = 9

[domain/example.biz/com]
# Identity, authentication, access control and password changes all go
# through the AD provider.
id_provider = ad
auth_provider = ad
# NOTE(review): no ad_access_filter is shown, so presumably every enabled AD
# account may log in (FTP included) - confirm that is the intended scope.
access_provider = ad
chpass_provider = ad
# UIDs/GIDs are derived from the AD SIDs rather than read from POSIX attributes.
ldap_id_mapping = True
# ad_server and ad_domain are empty on this page (values apparently removed
# before publishing).
ad_server =
ad_hostname = Anonymoustest$
ad_domain =
debug_level = 9
ldap_schema = ad
# NOTE(review): points the principal lookup at an attribute that presumably
# does not exist, so SSSD ignores any stored userPrincipalName - confirm this
# workaround is still required.
ldap_user_principal = nosuchattributes

restart the service 

#/etc/init.d/sssd restart

======================================================

[root@Anonymoustest ~]# cat /etc/vsftpd/chroot_list
ftp

=======================================================

[root@Anonymoustest ~]# cat /etc/samba/smb.conf
# Samba settings used for the AD domain membership (net ads join).
[global]
workgroup = NOVELIS
realm = NOVELIS.BIZ
# Domain-member mode: authentication is delegated to Active Directory.
security = ads
# NOTE(review): "idmap uid" / "idmap gid" are legacy parameter names; newer
# Samba releases expect "idmap config * : range" - confirm for the installed
# version.
idmap uid = 2000001-2119999
idmap gid = 2000001-2119999
template shell = /bin/bash
# NOTE(review): the winbind options here only matter if winbindd is running;
# the nsswitch.conf on this page resolves accounts through sss, not winbind.
winbind use default domain = true
winbind offline logon = false
# The machine account secret is kept in both secrets.tdb and the system
# keytab; both must stay readable by root only.
kerberos method = secrets and keytab
# Accounts from domains trusted by NOVELIS are not accepted.
allow trusted domains = no
# Debug class winbind at level 10 is maximum verbosity.
# NOTE(review): presumably a troubleshooting leftover - lower it once the
# join works.
log level = winbind:10
server string = Samba Server Version %v
passdb backend = tdbsam
# Pins a single domain controller by address.
# NOTE(review): no second server is listed - confirm behaviour when this host
# is unreachable.
password server = 10.90.16.66

=========================================================

[root@Anonymoustest ~]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

# Account lookups consult the local files first and SSSD (the AD domain)
# second, so a local entry wins when the same name exists in both.
passwd: files sss
shadow: files sss
group: files sss

#hosts: db files nisplus nis dns
# Host names resolve from /etc/hosts first, then DNS.
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

# NOTE(review): bootparams, publickey and aliases still name nisplus, and
# automount names ldap; no NIS+ or LDAP client setup appears on this page -
# confirm these sources are intended rather than distribution leftovers.
bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
# services and netgroup also consult SSSD after the local files.
services: files sss

netgroup: files sss

publickey: nisplus

automount: files ldap
aliases: files nisplus
===========================================================
